HTML5 Webook

27/84

1IntroductionIt is urgent to develop cryptographic technologies for secure condential communications of certain types of information, such as genome data in the pharmaceutical and medical elds because their condentiality needs to be kept for generations over hundreds of years. However, there are concerns that the current cryptographic systems, which rely on computationally complex of factorization of prime numbers or distributed logarithms, may not be able to securely protect condentiality with the advent of quantum computers [1]. In addition, the current cryptographic techniques may not be able to secure safety in 30 years due to steadily increasing computational capabilities. On the other hand, lattice-based systems [2][3] are proposed as the most promising quantum-resistant cryptographic systems. However, their performance evaluations are scheduled to be conducted from 2020 to 2022 at the National Institute of Standards and Technology (NIST) [4]. As such, it will take several years before solutions to the safety issues we are currently facing become available. Furthermore, chang-ing cryptographic systems will likely necessitate a change in the length of public keys. We therefore might have to abandon the current communication protocol. In other words, we might have to drastically modify the current communication devices if protocols for each layer of the OSI model are changed. Alternatively, risks of information leakage may be eliminated by attaching a new system equipped with a dedicated line to the current communica-tions system. is method involves a combination of quantum key distribution, which enables sharing of theo-retically safe random numbers between the two parties, and Vernam’s one-time pad [5][6]. e method will completely eliminate the risks of information being eavesdropped. Experiments to distribute quantum keys using laid ber began in 2000, and a high-speed quantum key distribution device driven by a GHz-order clock has been developed [6]-[8]. And, network operations of quantum key distribu-tion have been conducted in several countries [9]-[11]. While quantum key distribution secures safety when data is transmitted, it does not help preserve data. In contrast, Shamir’s secret sharing scheme in modern cryptography had been known to be a safe data preservation means in theory [12]. However, information theoretically secure transmission of the data called “share” that is indispensable for recovering secret data, was only “assumed.” In other 3-2 Information Theoretically Secure Distributed Storage with QKD and Password-Authenticated Secret SharingMikio FUJIWARA, Atsushi WASEDA, Ryo NOJIMA, Shiho MORIAI, Wakaha OGATA, and Masahide SASAKIDistributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. Distributed storage systems consist of a data owner machine, multiple storage servers and channels to link them. In those systems, secret sharing (SS) scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated SS scheme and secure transmission using quantum key distribution (QKD), and demonstrate it in the Tokyo metropolitan area (≤90km). Our system will also be useful for highly secure data relay with a QKD network, greatly relaxing the security assumptions on the key relay nodes as well as enhancing the ability of risk management.233 Quantum Key Distribution Network